Computing system architectures have been continuously developed and engineered to improve security operations. Techniques to secure IO operations within a computing system are often referred to as "Trusted IO", which may include mechanisms to ensure that the data of an IO device stored within memory are cryptographically protected. For example, some of the objectives of Trusted IO are to ensure that data from device-to-memory operations, such as direct memory access (DMA) transactions, are untampered with and unusable by unintended parties and rogue software or agents, and to protect the secrecy of data in such transactions.
In system-on-chip (SoC) implementations, the on-chip boundary forms a natural security boundary: data and code may be used in plaintext on-chip and are assumed to be secure, whereas computing platform memory is assumed to be not secure. Thus, trusted execution environments (TEEs) secure the execution of an application and its associated data when such data is resident in memory. However, to provide true end-to-end security, TEE environments will have Trusted IO implemented all the way back to the source: the IO device.
Although a variety of cryptographic techniques may be implemented in a Crypto Engine (CE) of the SoC to secure data to and from memory, IO data will still be transmitted in the clear between the CE and the IO device controller. In some scenarios, the fabric that routes data on the path between the device controller and the CE is under the control of the host software, which may be untrusted. As a result, secrets may be exposed if data is redirected toward a memory-mapped IO space under the control of untrusted software while flowing through the host-controlled fabric of the SoC.
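The exposure described above is easiest to see in a small model of the data path. The following is an added illustration, not code from the source document or from any real SoC: it models a host-controlled routing fabric between a device controller and the CE, lets host software re-point the DMA window at an untrusted MMIO region, and compares the two placements of the encryption step (at the CE on the memory side, versus at the device before the transaction enters the fabric). All names (`Fabric`, `Platform`, `toy_encrypt`, the address ranges and the fixed key) are constructed for the illustration; the XOR "cipher" is a stand-in for whatever real cipher a CE would use.

```python
"""Toy model of Trusted IO data-path exposure on a host-controlled fabric (constructed)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed stand-in for a real CE cipher: XOR with a fixed non-zero key stream.
# Every key byte is non-zero, so every ciphertext byte differs from its plaintext byte.
TOY_KEY = bytes(range(1, 33))  # supports payloads up to 32 bytes


def toy_encrypt(payload: bytes) -> bytes:
    """Assumed CE/device cipher; NOT a real cipher, only marks data as 'not plaintext'."""
    if len(payload) > len(TOY_KEY):
        raise ValueError("toy cipher supports payloads up to 32 bytes")
    return bytes(p ^ k for p, k in zip(payload, TOY_KEY))


@dataclass
class Fabric:
    """Routing fabric between the device controller and the CE.

    Routes are (start, end, target) address windows. In this model the host
    software owns the routing table, mirroring the untrusted-fabric scenario.
    """
    routes: List[Tuple[int, int, str]] = field(default_factory=list)

    def route(self, addr: int) -> str:
        for start, end, target in self.routes:
            if start <= addr < end:
                return target
        raise ValueError(f"no route for address {addr:#x}")


class Platform:
    """Device controller -> fabric -> (CE -> memory | untrusted MMIO)."""

    def __init__(self, device_side_encryption: bool) -> None:
        # Hypothetical layout: low half of the address space reaches the CE/memory,
        # high half is a memory-mapped IO window that untrusted software can read.
        self.fabric = Fabric([
            (0x0000_0000, 0x8000_0000, "crypto_engine"),
            (0x8000_0000, 0x1_0000_0000, "untrusted_mmio"),
        ])
        self.sinks: Dict[str, List[bytes]] = {"memory": [], "untrusted_mmio": []}
        self.device_side_encryption = device_side_encryption

    def host_redirect_dma_window(self) -> None:
        """Untrusted host software rewrites routing so every address lands in MMIO."""
        self.fabric.routes = [(0x0000_0000, 0x1_0000_0000, "untrusted_mmio")]

    def dma_write(self, addr: int, payload: bytes) -> None:
        """Device controller issues a DMA write carrying `payload`."""
        # With device-side (end-to-end) Trusted IO the data is encrypted before
        # it ever enters the fabric; otherwise it crosses the fabric in the clear.
        on_wire = toy_encrypt(payload) if self.device_side_encryption else payload
        target = self.fabric.route(addr)
        if target == "crypto_engine":
            # The CE protects data on its way to memory (unless already protected).
            stored = on_wire if self.device_side_encryption else toy_encrypt(on_wire)
            self.sinks["memory"].append(stored)
        else:
            # Redirected traffic bypasses the CE entirely.
            self.sinks[target].append(on_wire)


def plaintext_reaches_untrusted_mmio(device_side_encryption: bool, secret: bytes) -> bool:
    """Run the redirect scenario and report whether the secret leaks in the clear."""
    p = Platform(device_side_encryption)
    p.host_redirect_dma_window()
    p.dma_write(0x0000_1000, secret)
    return secret in p.sinks["untrusted_mmio"]


def plaintext_reaches_memory(device_side_encryption: bool, secret: bytes) -> bool:
    """Sanity check of the normal (non-redirected) path: memory never sees plaintext."""
    p = Platform(device_side_encryption)
    p.dma_write(0x0000_1000, secret)
    return secret in p.sinks["memory"]


if __name__ == "__main__":
    SECRET = b"device telemetry 0xCAFE"  # constructed sample payload
    print("CE-only encryption, redirected:", plaintext_reaches_untrusted_mmio(False, SECRET))
    print("device-side encryption, redirected:", plaintext_reaches_untrusted_mmio(True, SECRET))
```

The model makes the architectural point concrete: when the CE is the only place data is protected, a routing change in the host-controlled fabric is enough to deliver the device's plaintext to an untrusted MMIO window without any cryptographic failure, whereas protecting the data at the device means the same redirection only exposes ciphertext.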